UK businesses still not taking DR seriously enough

gallery

Business still aren't taking the issue of disaster recovery (DR) as seriously as they should be, with a third of mid-sized firms failing to have a plan in place to safeguard their website in the event of a problem, according to new research.

Despite almost three-quarters (73 per cent) of companies using their online presence in some form to do business, even those who do have a DR plan in place don't realise the impact ineffective planning will have, with just 38 per cent testing out their plans more than once a year.

"We know that the number of mid-market companies now using the internet as a business channel continues to grow, but we have been very surprised by the lack of disaster recovery planning taking place," said Jonathan Robinson, chief operating officer (COO) at NetBenefit, which commissioned Vanson Bourne to carry out the research by surveying companies with 250 or more employees.

"Nearly every day we hear about viruses, hacking and other web attacks, let alone natural disasters such as fires or floods. Yet, while many companies go to great lengths to protect their physical assets with burglar alarms and other security devices, they do little or nothing to protect their vital, online business. Research shows that more than one in four customers are likely to move to a competitor if a website is down for any reason. For many mid-sized companies this would not only damage customer-loyalty but also mean significant lost revenue."

In terms of sector-specific trends, the research found that the financial services industry appears to be leading the pack in terms of how it views DR, perhaps because most banks are now heavily reliant on the internet as a key transactional or communicational channel.

An ideal world would see every business raising the issue of DR up the agenda, but until that happens, it's important to focus on the detail rather than the numbers, according to Robinson.

"We are pleased that some people are of the view that [DR plans] need to be tested and we should give credit where credit is due as once a year is better than no testing at all," he said.

He added: "What is really important is scenario-level testing and asking the Donald Rumsfield question: 'What are the known knowns and what are the known unknowns?' I am less worried about the frequency of testing and more worried about the level of testing. Companies need to engage in worst case scenario planning and then reverse out of that. Not everyone can afford to cover each worst case scenario, but they need to have at least thought about them."

Email to a friend

Print this page